Overview

Products Affected

Description

LhaForge is a file compression/decompression software. The installer of LhaForge contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.

Solution

Use the latest installer
Use the latest installer according to the information provided by the developer.
Users who already have installed LhaForge do not need to re-install the software, because this issue affects the installer only.